Cybersecurity has struggled for many years to make it onto the boardroom agenda. The perception of it as a purely technology function with limited strategic importance has led many organizations to take a short-term, check-box approach to managing cyber risk. This grossly undervalues the role cyber can and should have. In fact, one 2023 study finds that half (51%) of global business decision makers (BDMs) still consider it “a necessary cost but not a revenue contributor”, while 38% see it as a barrier rather than a business enabler.
In fact, boards that are more engaged on cyber could stand a much better chance of achieving their strategic objectives.
Time for engagement
Boardroom interest in cybersecurity can vary significantly from business to business. That’s part of the reason why regulators are increasingly stepping in. The SEC’s recently introduced rules are designed to improve transparency and accountability to investors by forcing prompt incident disclosures and mandating boards to describe their oversight of and processes to manage cyber risk. The NIS2 regulation in Europe makes senior managers personally liable for non-compliance resulting in serious breaches. It gives regulators the potential power to temporarily suspend their role.
Even without the presence of such a big regulatory stick, it should be clear to boards that greater engagement with their CISOs makes sense, for many reasons. It could help them to:
- Preserve competitive advantage by protecting sensitive corporate data
- Bolster growth by mitigating threats which could impact the organization financially and reputationally
- Drive success by supporting digital transformation initiatives and R&D investment
- Open the door to new markets by ensuring the organization can comply with local privacy/cybersecurity laws
- Build trust with prospective and existing customers, partners and suppliers. A fifth (19%) of global BDMs claim their security posture has already impacted the organization’s ability to win new business
Putting the pieces in place
So how should boards plan their cybersecurity governance efforts? A report from the World Economic Forum (WEF) is instructive. It describes six principles for improved oversight of cyber-resilience which could also help to drive strategic goals. These are:
- Cybersecurity is a strategic business enabler.
- Understand the economic drivers and impact of cyber risk.
- Align cyber-risk management with business needs.
- Ensure organizational design supports cybersecurity.
- Incorporate cybersecurity expertise into board governance.
- Encourage systems resilience and collaboration.
This work should begin with board directors increasing their knowledge of cyber risk management. A great place to start would be closer interaction with their CISOs, who should ideally be reporting to the CEO for maximum exposure to the business.
The importance of data security
Cybersecurity is no simple task. But one core focus for boards must be on protecting the data itself. Why? Because data is arguably the most precious commodity an organization holds. It’s also key to winning customer trust. According to McKinsey, over half (53%) of consumers specifically look for companies with a reputation for protecting data, rising to 63% of those buying on behalf of organizations. And 46% say they’d consider switching brands when a company’s data practices are unclear.
The challenge for modern organizations is that data could be created, stored and moved across a number of distributed on-premises and cloud environments. That demands a data-centric security solution designed to continuously discover, classify and then apply strong protection according to policy – wherever that data exists. Products like comforte’s Data Security Platform offer extra value in protecting data whilst enabling it to continue being used for processing and analytics.
Data security should sit at the core of a strategic, board-led approach to cyber. From Apple to banking giant HSBC, the organizations that get this right at the very top are likely to put themselves in the driving seat for long-term growth.